A universal resource locator (URL) collider processes a click event referencing a URL and directs a browser to a page at the URL. While the page is being rendered by the browser with page data from a web server, the URL collider intercepts the page data including events associated with rendering the page, determines microfeatures of the page such as Document Object Model objects and any URLs referenced by the page, applies detection rules, tags as evidence any detected bad microfeature, bad URL, or suspicious sequence of events, and stores the evidence in an evidence database. Based on the evidence, a judge module dynamically determines whether to condemn the URL before or just in time as the page at the URL is fully rendered by the browser. If so, the browser is directed to a safe location or a notification page.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
2. The method according to claim 1, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the computer system, or an email server communicatively connected to the computer system.
This invention relates to systems for processing and analyzing click events referencing URLs to detect and mitigate potential threats. The technology addresses the problem of identifying malicious or suspicious URLs that users may encounter through various digital interactions, such as web browsing, email, or other networked applications. The method involves obtaining or receiving click events that reference URLs from multiple sources, including processing queues, data stores, URL feeds, threat-handling services, system agents, or email servers connected to the computer system. These sources provide a comprehensive view of URL interactions, enabling real-time or near-real-time analysis to assess whether a URL poses a security risk. The system then processes these click events to determine if the referenced URLs are malicious, suspicious, or safe, allowing for appropriate actions such as blocking, flagging, or allowing access. By aggregating data from diverse sources, the method improves threat detection accuracy and reduces the likelihood of users encountering harmful content. The approach is particularly useful in enterprise environments where multiple systems and services generate URL-related events that need centralized monitoring and analysis.
3. The method according to claim 1, wherein the browser comprises a headless browser.
A headless browser is a web browser without a graphical user interface, designed to automate web interactions and perform tasks such as scraping, testing, and rendering web content programmatically. Traditional browsers require a display and user input, making them inefficient for automated processes. Headless browsers eliminate these limitations by executing scripts and rendering pages in the background, enabling faster and more scalable web automation. This method involves using a headless browser to perform web-based tasks, such as data extraction, form submission, or automated testing. The headless browser operates without a visible interface, reducing resource consumption and improving performance. It can simulate user interactions, parse HTML, execute JavaScript, and capture rendered content, making it suitable for applications like web scraping, performance monitoring, and automated testing frameworks. By leveraging a headless browser, the method ensures efficient and reliable web automation without the overhead of a graphical interface. This approach is particularly useful in environments where speed, scalability, and resource efficiency are critical, such as cloud-based services, continuous integration pipelines, and large-scale data collection systems. The headless browser's ability to mimic real user behavior while operating in the background enhances its utility in automated workflows.
4. The method according to claim 3, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
A method for capturing click events in a headless browser involves detecting when a user interacts with a URL embedded in a document. The headless browser, which operates without a graphical user interface, monitors user input to identify clicks on hyperlinks within documents such as web pages, PDFs, or other digital files. When a click event is detected, the browser records the interaction, including the URL targeted by the click and the context of the document. This method enables automated tracking of user navigation patterns, allowing for analysis of link usage, performance monitoring, or security assessments. The headless browser may also simulate the click event to follow the URL, enabling automated testing or data extraction from linked resources. The technique is particularly useful in environments where user interactions need to be logged or analyzed without requiring a visible browser interface, such as in server-side applications, automated testing frameworks, or security scanning tools. The method ensures accurate capture of click events while maintaining the efficiency and scalability of headless browser operations.
6. The method according to claim 1, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
A method for detecting malicious web activity involves identifying suspicious sequences of events in a browser session. The method monitors browser behavior to detect patterns indicative of potential security threats, such as malicious scripts or unauthorized data access. One specific aspect of this method focuses on detecting the loading of an inline frame (iframe) by the browser. Iframes are often used in web attacks to embed malicious content within a legitimate webpage, allowing attackers to execute scripts or redirect users to harmful sites. By identifying the loading of an iframe as part of a suspicious event sequence, the method can flag potential security risks. The method may also analyze additional contextual factors, such as the source of the iframe or the timing of its loading, to determine whether the activity is malicious. This approach helps improve web security by proactively detecting and mitigating threats before they can cause harm.
8. The system of claim 7, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the system, or an email server communicatively connected to the system.
The system is designed for processing and analyzing click events referencing URLs to enhance security and threat detection. The system collects click events from various sources, including processing queues, data stores, URL feeds, services that handle URL threats, system agents, and email servers connected to the system. These sources provide data on user interactions with URLs, allowing the system to monitor and assess potential security risks. By aggregating click events from multiple sources, the system can detect patterns, identify malicious URLs, and mitigate threats before they impact users. The system's ability to integrate with diverse data sources ensures comprehensive coverage and real-time threat detection, improving overall cybersecurity defenses. The system may also include additional components for analyzing URL content, validating URLs, and generating threat reports to support security operations. This approach enables proactive threat management and reduces the risk of URL-based attacks.
9. The system of claim 7, wherein the browser comprises a headless browser.
A system for web-based data processing utilizes a headless browser to automate interactions with web applications. The headless browser operates without a graphical user interface, enabling efficient execution of scripts and commands to navigate, extract, or manipulate web content. This approach is particularly useful for tasks such as web scraping, automated testing, or data extraction, where visual rendering is unnecessary but programmatic control is required. The system may include a server or client-side component that deploys the headless browser to perform these operations, ensuring compatibility with dynamic web content that relies on JavaScript or other client-side technologies. By eliminating the need for a display, the system reduces resource consumption and improves performance, making it suitable for large-scale or high-frequency web interactions. The headless browser may also support features like session management, cookie handling, and network request interception, allowing for sophisticated automation workflows. This solution addresses the challenge of efficiently processing web-based data without the overhead of traditional browser interfaces, particularly in environments where automation and scalability are critical.
10. The system of claim 9, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
A system for capturing and processing user interactions with embedded URLs in documents using a headless browser. The system operates in the domain of web automation and user behavior tracking, addressing the challenge of accurately detecting and recording user clicks on hyperlinks within documents without requiring a visible browser interface. The headless browser executes in the background, simulating a real browser environment to capture click events when a user selects a URL embedded in a document. This allows for automated monitoring of user navigation patterns, link interactions, and document traversal without disrupting the user experience. The system may integrate with other components to analyze the captured click events, such as logging the URL, tracking user behavior, or triggering subsequent actions based on the interaction. The headless browser ensures that the click event is processed efficiently, enabling real-time or batch analysis of user engagement with embedded links. This approach is particularly useful for applications like web analytics, automated testing, and user experience optimization, where understanding how users interact with hyperlinks is critical. The system enhances the ability to gather precise interaction data while maintaining a seamless user experience.
12. The system of claim 7, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
A system for detecting suspicious activity in web browsers monitors sequences of events to identify potential security threats. The system analyzes browser behavior to detect patterns indicative of malicious activity, such as the loading of an inline frame (iframe) by the browser. Inline frames are often used in web attacks, such as clickjacking or cross-site scripting, where malicious content is embedded within a legitimate webpage. The system includes a rule-based engine that evaluates browser events in real time, flagging sequences that match predefined suspicious patterns. These patterns may involve interactions with iframes, such as unauthorized script execution, unexpected navigation, or manipulation of DOM elements. The system may also correlate these events with other browser activities, such as network requests or user inputs, to determine the context and severity of the threat. By detecting and blocking such sequences, the system enhances browser security, preventing exploitation of vulnerabilities that could lead to data theft, unauthorized access, or other malicious actions. The system is designed to operate transparently, minimizing performance impact while providing robust protection against web-based attacks.
14. The computer program product of claim 13, wherein the click event referencing the URL is obtained or received from a processing queue, a data store, a URL feed, a service which handles URL threats, an agent of the computer system, or an email server communicatively connected to the computer system.
This invention relates to computer security systems that analyze URLs to detect and mitigate threats. The problem addressed is the need to efficiently and accurately process URL-related events, such as clicks, to identify malicious or suspicious links before they cause harm. The invention involves a computer program product that processes click events referencing URLs from various sources to determine whether the URLs pose a threat. The system evaluates these URLs by checking them against threat intelligence data, analyzing their content, or using other security mechanisms to assess risk. The invention ensures that URLs are assessed in real-time or near-real-time to prevent potential security breaches. The click events referencing URLs can be obtained from multiple sources, including a processing queue, a data store, a URL feed, a service dedicated to handling URL threats, an agent within the computer system, or an email server connected to the computer system. This flexibility allows the system to integrate with different security infrastructures and adapt to various threat detection workflows. By aggregating URL events from these diverse sources, the system provides comprehensive threat analysis and improves overall security posture. The invention enhances existing security measures by ensuring that all URL-related activities are monitored and evaluated for potential risks.
15. The computer program product of claim 13, wherein the browser comprises a headless browser running on the device.
A system and method for web content processing involves using a browser to extract and analyze data from web pages. The browser operates on a computing device and is configured to navigate to a specified web page, extract content from the page, and process the extracted content to generate a structured output. The browser may include a headless browser, which runs without a graphical user interface, enabling automated and efficient web scraping or data extraction tasks. The system may also include a server that communicates with the browser to provide instructions for navigating to web pages and processing the content. The server may further analyze the structured output to identify patterns, trends, or specific data points of interest. This approach allows for automated collection and analysis of web data, which can be used for various applications such as market research, competitive analysis, or content monitoring. The headless browser ensures that the process is resource-efficient and scalable, as it eliminates the need for rendering graphical elements that are not necessary for data extraction. The system may also include additional components for handling authentication, session management, and error recovery to ensure reliable operation.
16. The computer program product of claim 15, wherein the click event is captured by the headless browser when a user clicks on a URL embedded in a document.
A system captures and processes user interactions with embedded URLs in documents using a headless browser. The technology addresses the challenge of tracking and analyzing user behavior when interacting with hyperlinks in digital documents without requiring a visible browser interface. The headless browser operates in the background, detecting and recording click events on URLs embedded within documents. When a user clicks on a URL, the headless browser captures the event, including details such as the URL location, timestamp, and contextual information from the document. This captured data is then processed to extract relevant insights, such as user engagement patterns, navigation paths, or content preferences. The system may also validate the URLs, check for broken links, or pre-fetch content to improve user experience. By automating these tasks in a headless environment, the system enables efficient monitoring and analysis of URL interactions without disrupting the user's workflow. The solution is particularly useful for applications requiring real-time tracking, performance optimization, or security checks on embedded hyperlinks in documents.
17. The computer program product of claim 13, wherein the rule identifying the suspicious sequence of events includes detection of a loading of an inline frame by the browser.
A system detects and mitigates malicious web-based attacks by analyzing browser activity for suspicious sequences of events. The system monitors browser operations, including the loading of inline frames (iframes), to identify potential security threats. When an iframe is loaded, the system evaluates whether this action is part of a known malicious pattern, such as cross-site scripting (XSS) or clickjacking. If a suspicious sequence is detected, the system triggers a security response, such as blocking the iframe, alerting the user, or terminating the session. The system may also log the event for further analysis. The detection process involves real-time monitoring of browser events, comparing them against predefined rules, and applying machine learning models to improve threat identification over time. This approach enhances web security by proactively preventing attacks that exploit browser vulnerabilities.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
April 20, 2023
April 30, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.